25 Mar
2006
25 Mar
'06
11 a.m.
Steven M. Bellovin wrote:
On Sat, 25 Mar 2006 04:39:11 +0200, Gadi Evron <ge@linuxbox.org> wrote:
Valdis.Kletnieks@vt.edu wrote:
Well, it *is* mostly a theoretical overflow - for it to work, a site would have to:
Exploit is out there. How long did that take?
Is the exploit actually effective in the wild? The conditions Valdis spoke of are improbable -- are there actually vulnerable sites? Or is the attack much easier than he had indicated?
There are two exploit code samples I saw. There are two remote exploits for one of them so far that are public that I know of. I haven't seen any exploited sites yet.